While Microsoft Corp. (MSFT) has received much admonishment for its various Windows bugs over the years, it is a dramatic new bug from the brash challenger of the the operating system world, Apple, Inc.'s (AAPL) OS X Mountain Lion (10.8.2), which has people talking. The bug is startling simple, but it can crash almost any OS X app. All you have to do is type a word and a few characters.

I. Universal Crashes

The forbidden word is "File:///" (case sensitive). Type that in virtual any text input form (be it a notepad, a browser dialogue, a document editor, a calendar appointment, etc.) and the program will die. It appears that similar strings ("fILE:///" or "FILE://aa") can also trigger program crahes. In a bizarre twist, some crashes appear to be dependent on how fast you type certain variants (e.g. "File://" followed by characters). An Open Radar user named "Jonathan" shares a movie he made documenting that bizarre behavior here.

Among the programs confirmed to be infected are Tweetbot, Safari, Chrome, and TextEdit. The program appears to be tied somehow to some sort of deep-rooted API embedded into OS X (it appears not to be the spell-check API as the Safari location bar has no spell check, but is still affected).

A handful of apps, such as the image-editor Gimp, appear to be immune, perhaps because they disable whatever the trouble-making interface is. Typing the string in these apps will produce no crash.

Some users suggest that going to System Preferences > Language & Text > Text, and unchecking "Correct spelling automatically" and "Use symbol and text substitution" will stop the crashes in some apps. However, commenters say the apps continue in some programs even after doing that.

One loyal Apple user comments on the bug report:

This is actually a feature. It allows you to shut down all applications before shutting down your Mac:

Crashes Finder if typed into a Finder search field (not Spotlight, though). Crashes Safari if typed into the URL bar. Crashes Mail if typed into the search field. Crashes iTunes when typed into the search field. Crashes system-generated keychain unlock prompts (typed into the "Name:" field) Crashes Reminders if typed into the search field. ...

For now the bug is merely "interesting", but it also represents a potential security flaw. If malicious users start to use it in forms-based attacks, it could become a major headache for OS X users.